Trusted Wireless Health – A New Approach to Medical Grade Wireless

Several current trends give cause to rethink the design of wireless systems in medical buildings.

Increasingly, patients are bringing in their connected smart devices and expecting the hospital to provide wireless internet services for free. Studies conducted over the last six years show that guest traffic in these facilities has risen from less than 10 percent of all Wi-Fi traffic to as much as 95 percent of the total airtime and bandwidth.

Within the hospital, advances in medical technology bring greater demand for more wireless devices, in large part so that patients can be mobile while being treated and also eliminate wires that can cause hazards. The Internet of Things (IoT) is arriving in medical care in the form of wearable sensors, which must communicate data affecting the safety of the patient regardless of where they are and despite adverse local radio frequency (RF) conditions.

Procurement of new technology is often driven by specific medical departments based on their needs for improved products, but without consideration of how it will coexist with current equipment and guests. Often, purchase decisions consider only the cost of the device itself, not the total cost including risks brought on by incompatibility to other wireless-based systems.

In addition, there is an increased need for medical devices designed to work not only in the hospital, but also in the patient’s home. Away from the medical facility, these devices must communicate reliably and securely back to the caregivers’ systems. What if the patient could be discharged, freeing up valuable resources, with the assurance that the medical data was reliable and secure and that the patient could be located as needed?

These trends combine into a perfect storm of high growth in user demand for wireless services. The healthcare community is ill-prepared to manage this challenge alone. Exacerbating growing demand are the potential for co-channel interference, device makers’ calls for proprietary networks, and a lack of vendor-neutral best practices or standards against which network infrastructure can be installed and measured. These factors contribute to high costs and low network reliability.

Can a single solution be found to these varied concerns and objectives? This article proposes an integrated plan for Trusted Wireless Health (TWH). In TWH, choices made in one area can affect, and in turn are affected by, those made in other areas under consideration. All must coexist.

A Determined Policy

The wireless healthcare environment is characterized by inconsistent and widely varying practices, as well as a lack of design and implementation standards. The hospital setting in particular faces explosive growth in consumer and medical wireless devices. Left unchecked, it is almost impossible for clinicians’ tablets or computers on wheels to work simultaneously with patients’ smartphones, wireless ventilators, monitors and infusion pumps at the level of assurance required in a medical setting.

A starting point is to consider the risk of action or inaction, the residual risk, and possible methods of risk mitigation. A guide to these sorts of consideration is the standard documented in ISO-80001-1 and other associated standards, which ask the hospital to consider risks, mitigate what risks they can and thoroughly document and accept the risks that remain.

TWH is part of a complete, hospital-wide risk assessment to understand the vulnerabilities of a wireless system (Figure 1). Risk analysis consists of hazard identification: the risky situations and root causes, an estimate of the potential harm of each hazard and its severity, and an estimate of the probability of harm. Risk acceptability must be evaluated and a risk versus benefit versus cost analysis performed. Risk control measures must be identified, documented and implemented, and their efficacy evaluated. Residual risk must be reported and accepted at the C-level and constantly iterated.

As a result, the hospital quickly comes to realize that allowing wireless in the hospital to be driven by the needs of individual departments carries such great risk that a determined policy on wireless services, purchases, implementation and ongoing use must take place. The policy creates a constancy of purpose toward the improvement of the provided medical services as a whole, and reminds everyone that wireless is a critical component of those improvements. It ends the practice of awarding vendor business on the basis of a lone price tag or discrete needs and focuses on the goal of minimizing total costs, which include the costs of medical risk.

How Does TWH Differ from MGWU?

Medical Grade Wireless Utility (MGWU) was a valuable starting point from which the TWH geometric RF design evolved. TWH RF continues the concept of providing separate layers of traffic and expands on it. It starts with a listing of a dozen changes a hospital can do in a few hours to provide some immediate relief, buying time to more thoroughly revamp the RF environment.

TWH RF differs from MGWU in a few aspects. First, it is not solely concerned with pushing as much signal out over as large an area as possible. Instead, it concerns itself with many access points (APs) operating at a relative RF whisper. This provides several advantages, including large increases in capacity and lower RF noise levels.

A key consideration is that today’s client devices have very low power. Symmetry in the downstream/ upstream requires that APs be designed, not at the maximum permitted power of 17-20 decibels per millwatt (dBm), but with the 5-11 dBm that the end device can provide. This, in turn, rapidly shrinks the coverage area of each AP. This higher density increases system capacity. The necessity is for more, lower power APs. But it also provides a challenge—how to prevent interference between all the APs?

MGWU was heavily dependent on a distributed antenna system (DAS) for RF propagation. With today’s prevalence of multiple input, multiple output (MIMO) technologies, which require multiple separate RF sources and receivers, a DAS would need to consist of as many individual RF distribution systems as there are contemplated streams of MIMO. Essentially, if there is one DAS for a single stream legacy system (SISO), a 2x MIMO would require two complete DAS systems, a 3x MIMO would require three, and so forth. The space and cost requirements to create a DAS-based MGWU become prohibitive. TWH RF implements the MGWU using precise geometry and spatial separation. The result offers lower costs of infrastructure installation, which help offset the additional AP counts required by the lower power settings.

Consider also that advances in miniaturization have created a range of small radios for carrier-based services, also called small cells or femto cells. For the purposes of this article, these radio sources shall be referred to as tiny cells. Their chief characteristic is that they can bring in carrier signals from the outside without the need for a DAS to distribute the signals. They function as base stations with or without coordination to the macro cells in the outside world, communicating via industry-standard Ethernet provided by the carriers or sublet traffic on the building enterprise network structured wiring.

Advances in unlicensed spectrum continue with the addition of technologies such as Bluetooth® low energy (BLE), LTE in unlicensed spectrum (LTE-U)—which brings carrier traffic out from the licensed bands into Wi-Fi space—and other users of the spectrum. All this occurs under the Federal Communications Commission mandate that all users within unlicensed spectrum must coexist.

Fundamentals of TWH

TWH is a vendor-neutral, future-ready wireless and wired infrastructure able to transport wireless signals from medical devices of established vendors and new and startup vendors alike. It consists of a design that allows for up to seven independent wireless services across eight wireless networks, which together constitute an infrastructure shaped to the building and engineered to deliver appropriately assured wireless service

at the locations in the healthcare enterprise as required by need. TWH RF provides for the future placement of new technologies, such as LTE-U, without the need to completely redesign each layer of previously installed service.

TWH creates up to seven completely independent wireless networks at the critical 5-6 gigahertz (GHz) band and one additional wireless network in the 2.4 GHz band. The first three of seven independent 5-6 GHz networks are referred to here as the Red, Green, and Blue networks. While each color layer can be assigned at will, normally the Red network layer at 5-6 GHz will constitute services for the enterprise itself—the doctors, nurses, and devices providing patient care. At 2.4 GHz, the Red network will provide for enterprise legacy devices that do not have 5-6 GHz capabilities. The Green network at 5 GHz will constitute services for guests, the patients and their visitors. The Blue network is designed to be used at 5-6 GHz for new services on otherwise incompatible technology, such as LTE-U, and at 2.4 GHz for services such as BLE for wayfinding and other applications that develop.

Figure 2 is an excerpt from a ceiling plan design by a major architectural firm specializing in hospital design. Following TWH RF rules, the architect was able to create a MGWU out of individual APs, placing APs out of the way of various ceiling obstructions, yet correctly positioning them to provide excellent RF coverage. The three (or more) layers discussed are all located in advance, so Ethernet category 6a (or otherwise specified) cables can be pulled to each location, even if all layers are not implemented in all areas of the hospital. For example, an operating room might not need the Blue layer, but might wish to implement both the Red and Green layers as a set of redundant services for hospital medical personnel and devices. In other areas of the hospital (for example, in patient rooms), the Red and Green layers would exist as two separate networks, one for hospital services and one for guests, while the Blue layer would represent the locations of a carrier-supplied tiny cell network.

Each large circle represents a gross AP location, while the actual AP is indicated by a small square. Note that the squares are located directly in the middle of a reflected ceiling plan 2×2 grid, allowing for the AP to be located in a tamper-resistant decorative panel consistent with the ceiling layout. This simplifies installation.

The additional four layers (above and beyond the three in the example above) derive from a lattice arrangement suggested by the packing of atoms in a crystal. The Center for Medical Interoperability has developed the methodology and will be licensing it free of charge to providers working with their membership.

A wireless network designed around the principles of TWH will provide the critical underpinning for: u Dense, low-signal level RF coverage u Trusted and verified design for capacity and coverage

w Licensed at no cost to architects working on member projects w Architect ensures APs are integral to all systems w Allows for multiple frequency segregated traffic networks

Elevator, stairwell and difficult access areas considered

w AP RF design power matched to clients, not max permissible

A wired network designed to support wireless needs

Detailed implementation and configuration procedures

Wireless 100 percent verified and validated after install and configuration

Trusted Interoperable Devices

Trusted Interoperable Device certification needs to guide both vendor product development and enterprise procurement. Validation of devices to the TWH RF design will consider aspects beyond the Wi-Fi alliance certification.

When evaluating a device, the questions asked should include: How does it react to higher data rates? How much power does it send out? How does it behave in roaming?

Device behavior concerning roaming is a particularly important question. Does the device stay put when RF conditions are good enough, and does the device move to a new AP when RF conditions become adverse? There are many devices today which, despite being placed in an environment with several good signals all more than adequate to communicate, constantly hop from one AP to the next, with each jump causing a roam event. Certification will examine how a device behaves when the signal degrades below a certain threshold. Does the device actively seek a new link, or does it hold on to the existing AP?

Client radios are ever smaller, with smaller battery capacities. Thus, the RF design of the client changes accordingly. The transmit power is lower and, coupled with some increase in data rate, the time the radio needs to be on is less, which increases battery life. With the lower transmit power, it is not sufficient that the enterprise sources (APs) be designed to blanket an area at high power that the clients can hear; it is instead required that the APs be placed at a sufficient design density so that, when matched to the power of the client, both sides can hear each other (symmetric power). Even at the low power, the signal-to-noise ratio must be high enough that the data rate is sufficient to send a message in a quick burst and then turn off the power-draining radio.

As an integral part of TWH, the procurement process for wireless devices needs to be reconsidered. It is not sufficient to purchase a device that meets some standards in an antiseptic environment. The device must be able to coexist with all other devices found in the environment, including those carried by guests. Devices that can pass some sort of certification scheme as to interoperability must be clearly and correctly identified, and then be placed on a network of their own, while the rest must be segregated in some way so as to permit the certified devices some guarantee of service.

Additional capacity in a given area can only come from an increased density of APs of an existing technology, or an introduction of a new, possibly incompatible, technology. Knowing how much traffic a given device or application generates and how often it does so provides the architect designing the AP placement a basis on which to adjust the density of APs. The IT department and the wireless management system are then afforded the opportunity to adjust wireless services accordingly.

Until and unless the air-time arbitration scheme moves to something other than the decades-old 802.11, wireless will always have some chance of packet loss. Thus, there can never be any absolute guarantee of service. The potential loss of packets must be considered in the overall risk assessment within a hospital facility. The risk of failure can be mitigated by providing overlapping services, but that ability must have devices which do not hop from AP to AP as noted above.

Trusted Location-Finding Abilities

The ability to find people and objects will be made possible by tags that use both Wi-Fi and precision guidance of non-Wi-Fi sources. In the unlicensed bands, location is done at 2.4 GHz rather than at 5 GHz by necessity—it propagates most easily. Actively chirping tags associated with equipment and personnel need to do so more than once per occurrence. It has been demonstrated that a tag that chirps three times on each of the three channels is highly effective. Tags that only chirp once (or only once per channel) tend to give false readings. TWH geometric RF design provides a guarantee of three APs within approximately a 7.6 meter (25 feet) line of sight to each tag or radio source, which results in superior location resolution (Figure 3). Time difference of arrival (TDoA) and angle of arrival (AoA) systems from devices at the existing locations will further improve the location-finding methods. Another current trend is to invert the BLE beaconing system, using BLE not as a source, but rather by placing a high density of receivers looking for BLE sources in motion. The TWH geometric design provides for the specific locations of a nearly ideal grid for such a system.

Privacy and Security Considerations

TWH considers that privacy is a requirement for medical data whether the devices are within the hospital or outside the hospital grounds. Medical devices certified as interoperable at the device and application levels both must be identified uniquely and securely. There is no need to reinvent the process; there are multiple solutions in the market that allow for assigning a unique certificate per verified component. Identified and authenticated devices and applications will be allowed access to virtual local area networks (VLANs), which in turn permit access to servers containing the requisite information. Those who fail access control will be shunted to general access on the outside. Patients and other guests inside the building will be provided an easy method by which to obtain a temporary certificate, all the while holding at bay those living in the area or commuting by the building.

Trusted Applications and Interchange of Data

While today’s devices communicate well with their own servers, and via graphical user interfaces (GUIs) to the humans who consume the data, there is a marked lack of ability for devices to exchange information among themselves. Would it not be good if the infusion pump and the respiratory machine connected to the patient utilized only one sensor for each vital sign in common, rather than requiring one per device? Common application programming interfaces (APIs) should allow each vendor to concentrate on what they do best while both accepting and providing information to other medical systems in a trusted manner. Disparate vendors are working together on a trusted interchange gateway.

Considerations for the Future

Wireless is advancing rapidly, with considerable leaps in technology. The impacts of further new technologies will quickly make legacy systems and devices obsolete. 802.11 is a poor method for allocation of air time. As one possible alternative, LTE operates much like an arbitrated bus of a switch or a modern computer backplane and is widely available today. The hindrance to LTE is the tight control exercised by the patent owner, so it may not itself be the future, but some mechanism will come to the forefront. Being backwards compatible has served 802.11 till now, but at some point the switch to an incompatible technology must be made. The frequencies in use (the unlicensed ISM bands) will most likely remain the same but the use of that space will need to change. The concept underlying TWH geometric RF design is to permit the introduction of a new technology on independent pre-planned frequency spans within the medical RF system while permitting legacy devices and applications to continue to work. Medical devices will need to be licensed with the understanding that the low layer protocols will be swapped out from 802.11 to something more efficient—there will be no need to replace the physical infrastructure wholesale, nor to change the way the rest of the medical applications work.

Conclusion

TWH is a fusion of concepts, which together can deliver trust and assurance to a medical wireless system. The goal is to provide medically needed data, delivered wirelessly in a timely, certain and private manner, all the while removing unintended consequences from the use of disparate tech-nologies which often do not work together. With TWH in place, the medical community can rely on trusted wireless transport to provide new advances in medical care.

AUTHOR BIOGRAPHY: Mitchell Ross is the principal for Trusted Wireless Health at the Center for Medical Interoperability in Nashville, TN. He has more than 40 years of experience in machine-to-machine communications and has worked at NASA, Xerox, Pratt & Whitney, General Motors and Digital Equipment Corporation. Beginning with the wide-scale adoption of IEEE 802.11b in the late 1990s, he has spent the last 18 years working to optimize Wi-Fi installations. He can be reached at mitchell.a.ross@Center4MI.org.

Categories

About the Center

The Center for Medical Interoperability is a 501(c)(3) cooperative research and development lab founded by health systems to simplify and advance data sharing among medical technologies and systems. We provide a centralized, vendor-neutral approach to performing technical work that enables person-centered care, testing and certifying devices and systems, and promoting the adoption of scalable solutions.

Membership

Membership in the Center is an opportunity – to chart a course that will change our country forever, to touch countless lives now and for generations to come, to shape the future of care delivery. Learn More »